On April 26, Microsoft released Security Advisory 2963983 for Microsoft Internet Explorer. In-the-wild exploitation of this vulnerability has been observed across limited, targeted attacks. The flaw is specific to a use-after-free vulnerability in VGX.DLL (memory corruption). Successful exploitation can give an attacker the ability to run arbitrary code (via remote code execution). The flaw affects the following:
- Microsoft Internet Explorer 6
- Microsoft Internet Explorer 7
- Microsoft Internet Explorer 8
- Microsoft Internet Explorer 9
- Microsoft Internet Explorer 10
- Microsoft Internet Explorer 11
Current McAfee Product Coverage and Mitigation
- McAfee Vulnerability Manager: The FSL/MVM package of April 28 includes a vulnerability check to assess if your systems are at risk.
- McAfee VirusScan (AV): The 7423 DATs (release date April 29, 2014) provide coverage for perimeter/gateway products and the command-line scanner-based technologies. Full detection capabilities, across all products, will be released in the 7428 DAT update (release date May 4, 2014).
- McAfee Web Gateway (AV): The 7423 DATs (release date April 29, 2014) provide coverage.
- McAfee Network Security Platform (NIPS): The UDS Release of April 28 contains detection.
- Attack ID: 0x4512e700
- Name: “UDS-HTTP: Microsoft Internet Explorer CMarkup Object Use-After-Free vulnerability”
- McAfee Host Intrusion Prevention (HIPS): Generic buffer overflow protection is expected to cover code execution exploits.
- McAfee Next Generation Firewall (NGFW): Update package 579-5211 (released April 29, 2014) provides detection.
- McAfee Application Control: McAfee Application Control provides coverage via the MP-CASP feature. Whitelisting will also prevent post exploitation behavior (ex: execution of dropped executables or the loading of dropped dlls.)
Resources
Stay Updated
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.
